by dredmorbius 3601 days ago
TBL's points here are well-made. In particular, there's the issue that security is a multidimensional probability field, not a binary state.

The questions of secure document transfer and/or interchanges are:

1. Am I talking to the party I intended to?

2. Is the communication free from third-party interception?

3. Is the message itself originated by the party I intended?

4. Are the contents of that message as originally intended by the author?

(Possibly more, but those strike me as the Big Four.)

There are various ways for this to fail, and there are different and independent assurances which can be afforded. I remember the first time I heard phrases to the effect of "you can trust our secure webserver" in the context of commercial transactions, and cringed.

The present HTTP / HTTPS split addresses only a subset of these concerns, and few of them well, whilst breaking multiple elements of functionality.

I will note that TBL seems to be concerned over the expiration of old, previously-valid URLs. To that I can only say that this appears to be a lost battle. The duration of a contemporary URL is on the order of 40-45 days, I think from the Internet Archive. That's scarcely longer than an old-school Usenet post might be relied on to persist online, and suggests to me that perhaps the successor to Usenet is the Web, with origins and various archival services (archive.org, archive.is, the NSA, ...) providing robust storage needs to various audiences.